Class SecurityHandler
- java.lang.Object
-
- org.apache.pdfbox.pdmodel.encryption.SecurityHandler
-
- Direct Known Subclasses:
PublicKeySecurityHandler
,StandardSecurityHandler
public abstract class SecurityHandler extends java.lang.Object
A security handler as described in the PDF specifications. A security handler is responsible of documents protection.
-
-
Field Summary
Fields Modifier and Type Field Description private static byte[]
AES_SALT
private AccessPermission
currentAccessPermission
The access permission granted to the current user for the document.private java.security.SecureRandom
customSecureRandom
Can be used to allow stateless AES encryptionprivate boolean
decryptMetadata
indicates if the Metadata have to be decrypted of not.private static int
DEFAULT_KEY_LENGTH
protected byte[]
encryptionKey
The encryption key that will used to encrypt / decrypt.protected int
keyLength
The length in bits of the secret key used to encrypt the document.private static org.apache.commons.logging.Log
LOG
private java.util.Set<COSBase>
objects
private ProtectionPolicy
protectionPolicy
private RC4Cipher
rc4
The RC4 implementation used for cryptographic functions.private COSName
streamFilterName
The stream filter name.private COSName
stringFilterName
The string filter name.private boolean
useAES
-
Constructor Summary
Constructors Constructor Description SecurityHandler()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description private byte[]
calcFinalKey(long objectNumber, long genNumber)
Calculate the key to be used for RC4 and AES-128.protected int
computeVersionNumber()
Computes the version number of theSecurityHandler
based on the encryption key length.private javax.crypto.Cipher
createCipher(byte[] key, byte[] iv, boolean decrypt)
void
decrypt(COSBase obj, long objNum, long genNum)
This will dispatch to the correct method.private void
decryptArray(COSArray array, long objNum, long genNum)
This will decrypt an array.private void
decryptDictionary(COSDictionary dictionary, long objNum, long genNum)
This will decrypt a dictionary.void
decryptStream(COSStream stream, long objNum, long genNum)
This will decrypt a stream.private void
decryptString(COSString string, long objNum, long genNum)
This will decrypt a string.private void
encryptData(long objectNumber, long genNumber, java.io.InputStream data, java.io.OutputStream output, boolean decrypt)
Encrypt or decrypt a set of data.private void
encryptDataAES256(java.io.InputStream data, java.io.OutputStream output, boolean decrypt)
Encrypt or decrypt data with AES256.private void
encryptDataAESother(byte[] finalKey, java.io.InputStream data, java.io.OutputStream output, boolean decrypt)
Encrypt or decrypt data with AES with key length other than 256 bits.protected void
encryptDataRC4(byte[] finalKey, byte[] input, java.io.OutputStream output)
Encrypt or decrypt data with RC4.protected void
encryptDataRC4(byte[] finalKey, java.io.InputStream input, java.io.OutputStream output)
Encrypt or decrypt data with RC4.void
encryptStream(COSStream stream, long objNum, int genNum)
This will encrypt a stream, but not the dictionary as the dictionary is encrypted by visitFromString() in COSWriter and we don't want to encrypt it twice.void
encryptString(COSString string, long objNum, int genNum)
This will encrypt a string.AccessPermission
getCurrentAccessPermission()
Returns the access permissions that were computed during document decryption.byte[]
getEncryptionKey()
Returns the current encryption key data.int
getKeyLength()
Getter of the property keyLength.protected ProtectionPolicy
getProtectionPolicy()
Returns the setProtectionPolicy
or null.private java.security.SecureRandom
getSecureRandom()
Returns a SecureRandom If customSecureRandom is not defined, instantiate a new SecureRandomboolean
hasProtectionPolicy()
Returns whether a protection policy has been set.boolean
isAES()
True if AES is used for encryption and decryption.private boolean
prepareAESInitializationVector(boolean decrypt, byte[] iv, java.io.InputStream data, java.io.OutputStream output)
abstract void
prepareDocumentForEncryption(PDDocument doc)
Prepare the document for encryption.abstract void
prepareForDecryption(PDEncryption encryption, COSArray documentIDArray, DecryptionMaterial decryptionMaterial)
Prepares everything to decrypt the document.void
setAES(boolean aesValue)
Set to true if AES for encryption and decryption should be used.void
setCurrentAccessPermission(AccessPermission currentAccessPermission)
Sets the access permissions.void
setCustomSecureRandom(java.security.SecureRandom customSecureRandom)
Set the custom SecureRandom.protected void
setDecryptMetadata(boolean decryptMetadata)
Set whether to decrypt meta data.void
setEncryptionKey(byte[] encryptionKey)
Sets the current encryption key data.void
setKeyLength(int keyLen)
Setter of the property keyLength.protected void
setProtectionPolicy(ProtectionPolicy protectionPolicy)
Sets theProtectionPolicy
to the given value.protected void
setStreamFilterName(COSName streamFilterName)
Set the stream filter name.protected void
setStringFilterName(COSName stringFilterName)
Set the string filter name.
-
-
-
Field Detail
-
LOG
private static final org.apache.commons.logging.Log LOG
-
DEFAULT_KEY_LENGTH
private static final int DEFAULT_KEY_LENGTH
- See Also:
- Constant Field Values
-
AES_SALT
private static final byte[] AES_SALT
-
keyLength
protected int keyLength
The length in bits of the secret key used to encrypt the document. Will become private in 3.0.
-
encryptionKey
protected byte[] encryptionKey
The encryption key that will used to encrypt / decrypt. Will become private in 3.0.
-
rc4
private final RC4Cipher rc4
The RC4 implementation used for cryptographic functions.
-
decryptMetadata
private boolean decryptMetadata
indicates if the Metadata have to be decrypted of not.
-
customSecureRandom
private java.security.SecureRandom customSecureRandom
Can be used to allow stateless AES encryption
-
objects
private final java.util.Set<COSBase> objects
-
useAES
private boolean useAES
-
protectionPolicy
private ProtectionPolicy protectionPolicy
-
currentAccessPermission
private AccessPermission currentAccessPermission
The access permission granted to the current user for the document. These permissions are computed during decryption and are in read only mode.
-
streamFilterName
private COSName streamFilterName
The stream filter name.
-
stringFilterName
private COSName stringFilterName
The string filter name.
-
-
Method Detail
-
setDecryptMetadata
protected void setDecryptMetadata(boolean decryptMetadata)
Set whether to decrypt meta data.- Parameters:
decryptMetadata
- true if meta data has to be decrypted.
-
setStringFilterName
protected void setStringFilterName(COSName stringFilterName)
Set the string filter name.- Parameters:
stringFilterName
- the string filter name.
-
setStreamFilterName
protected void setStreamFilterName(COSName streamFilterName)
Set the stream filter name.- Parameters:
streamFilterName
- the stream filter name.
-
setCustomSecureRandom
public void setCustomSecureRandom(java.security.SecureRandom customSecureRandom)
Set the custom SecureRandom.- Parameters:
customSecureRandom
- the custom SecureRandom for AES encryption
-
prepareDocumentForEncryption
public abstract void prepareDocumentForEncryption(PDDocument doc) throws java.io.IOException
Prepare the document for encryption.- Parameters:
doc
- The document that will be encrypted.- Throws:
java.io.IOException
- If there is an error with the document.
-
prepareForDecryption
public abstract void prepareForDecryption(PDEncryption encryption, COSArray documentIDArray, DecryptionMaterial decryptionMaterial) throws java.io.IOException
Prepares everything to decrypt the document.- Parameters:
encryption
- encryption dictionary, can be retrieved viaPDDocument.getEncryption()
documentIDArray
- document id which is returned viaCOSDocument.getDocumentID()
decryptionMaterial
- Information used to decrypt the document.- Throws:
InvalidPasswordException
- If the password is incorrect.java.io.IOException
- If there is an error accessing data.
-
encryptData
private void encryptData(long objectNumber, long genNumber, java.io.InputStream data, java.io.OutputStream output, boolean decrypt) throws java.io.IOException
Encrypt or decrypt a set of data.- Parameters:
objectNumber
- The data object number.genNumber
- The data generation number.data
- The data to encrypt.output
- The output to write the encrypted data to.decrypt
- true to decrypt the data, false to encrypt it.- Throws:
java.io.IOException
- If there is an error reading the data.
-
calcFinalKey
private byte[] calcFinalKey(long objectNumber, long genNumber)
Calculate the key to be used for RC4 and AES-128.- Parameters:
objectNumber
- The data object number.genNumber
- The data generation number.- Returns:
- the calculated key.
-
encryptDataRC4
protected void encryptDataRC4(byte[] finalKey, java.io.InputStream input, java.io.OutputStream output) throws java.io.IOException
Encrypt or decrypt data with RC4.- Parameters:
finalKey
- The final key obtained with viacalcFinalKey(long, long)
.input
- The data to encrypt.output
- The output to write the encrypted data to.- Throws:
java.io.IOException
- If there is an error reading the data.
-
encryptDataRC4
protected void encryptDataRC4(byte[] finalKey, byte[] input, java.io.OutputStream output) throws java.io.IOException
Encrypt or decrypt data with RC4.- Parameters:
finalKey
- The final key obtained with viacalcFinalKey(long, long)
.input
- The data to encrypt.output
- The output to write the encrypted data to.- Throws:
java.io.IOException
- If there is an error reading the data.
-
encryptDataAESother
private void encryptDataAESother(byte[] finalKey, java.io.InputStream data, java.io.OutputStream output, boolean decrypt) throws java.io.IOException
Encrypt or decrypt data with AES with key length other than 256 bits.- Parameters:
finalKey
- The final key obtained with viacalcFinalKey(long, long)
.data
- The data to encrypt.output
- The output to write the encrypted data to.decrypt
- true to decrypt the data, false to encrypt it.- Throws:
java.io.IOException
- If there is an error reading the data.
-
encryptDataAES256
private void encryptDataAES256(java.io.InputStream data, java.io.OutputStream output, boolean decrypt) throws java.io.IOException
Encrypt or decrypt data with AES256.- Parameters:
data
- The data to encrypt.output
- The output to write the encrypted data to.decrypt
- true to decrypt the data, false to encrypt it.- Throws:
java.io.IOException
- If there is an error reading the data.
-
createCipher
private javax.crypto.Cipher createCipher(byte[] key, byte[] iv, boolean decrypt) throws java.security.GeneralSecurityException
- Throws:
java.security.GeneralSecurityException
-
prepareAESInitializationVector
private boolean prepareAESInitializationVector(boolean decrypt, byte[] iv, java.io.InputStream data, java.io.OutputStream output) throws java.io.IOException
- Throws:
java.io.IOException
-
getSecureRandom
private java.security.SecureRandom getSecureRandom()
Returns a SecureRandom If customSecureRandom is not defined, instantiate a new SecureRandom- Returns:
- SecureRandom
-
decrypt
public void decrypt(COSBase obj, long objNum, long genNum) throws java.io.IOException
This will dispatch to the correct method.- Parameters:
obj
- The object to decrypt.objNum
- The object number.genNum
- The object generation Number.- Throws:
java.io.IOException
- If there is an error getting the stream data.
-
decryptStream
public void decryptStream(COSStream stream, long objNum, long genNum) throws java.io.IOException
This will decrypt a stream.- Parameters:
stream
- The stream to decrypt.objNum
- The object number.genNum
- The object generation number.- Throws:
java.io.IOException
- If there is an error getting the stream data.
-
encryptStream
public void encryptStream(COSStream stream, long objNum, int genNum) throws java.io.IOException
This will encrypt a stream, but not the dictionary as the dictionary is encrypted by visitFromString() in COSWriter and we don't want to encrypt it twice.- Parameters:
stream
- The stream to decrypt.objNum
- The object number.genNum
- The object generation number.- Throws:
java.io.IOException
- If there is an error getting the stream data.
-
decryptDictionary
private void decryptDictionary(COSDictionary dictionary, long objNum, long genNum) throws java.io.IOException
This will decrypt a dictionary.- Parameters:
dictionary
- The dictionary to decrypt.objNum
- The object number.genNum
- The object generation number.- Throws:
java.io.IOException
- If there is an error creating a new string.
-
decryptString
private void decryptString(COSString string, long objNum, long genNum) throws java.io.IOException
This will decrypt a string.- Parameters:
string
- the string to decrypt.objNum
- The object number.genNum
- The object generation number.- Throws:
java.io.IOException
- If an error occurs writing the new string.
-
encryptString
public void encryptString(COSString string, long objNum, int genNum) throws java.io.IOException
This will encrypt a string.- Parameters:
string
- the string to encrypt.objNum
- The object number.genNum
- The object generation number.- Throws:
java.io.IOException
- If an error occurs writing the new string.
-
decryptArray
private void decryptArray(COSArray array, long objNum, long genNum) throws java.io.IOException
This will decrypt an array.- Parameters:
array
- The array to decrypt.objNum
- The object number.genNum
- The object generation number.- Throws:
java.io.IOException
- If there is an error accessing the data.
-
getKeyLength
public int getKeyLength()
Getter of the property keyLength.- Returns:
- Returns the keyLength.
-
setKeyLength
public void setKeyLength(int keyLen)
Setter of the property keyLength.- Parameters:
keyLen
- The keyLength to set.
-
setCurrentAccessPermission
public void setCurrentAccessPermission(AccessPermission currentAccessPermission)
Sets the access permissions.- Parameters:
currentAccessPermission
- The access permissions to be set.
-
getCurrentAccessPermission
public AccessPermission getCurrentAccessPermission()
Returns the access permissions that were computed during document decryption. The returned object is in read only mode.- Returns:
- the access permissions or null if the document was not decrypted.
-
isAES
public boolean isAES()
True if AES is used for encryption and decryption.- Returns:
- true if AEs is used
-
setAES
public void setAES(boolean aesValue)
Set to true if AES for encryption and decryption should be used.- Parameters:
aesValue
- if true AES will be used
-
hasProtectionPolicy
public boolean hasProtectionPolicy()
Returns whether a protection policy has been set.- Returns:
- true if a protection policy has been set.
-
getProtectionPolicy
protected ProtectionPolicy getProtectionPolicy()
Returns the setProtectionPolicy
or null.- Returns:
- The set
ProtectionPolicy
.
-
setProtectionPolicy
protected void setProtectionPolicy(ProtectionPolicy protectionPolicy)
Sets theProtectionPolicy
to the given value.- Parameters:
protectionPolicy
- TheProtectionPolicy
, that shall be set.
-
getEncryptionKey
public byte[] getEncryptionKey()
Returns the current encryption key data.- Returns:
- The current encryption key data.
-
setEncryptionKey
public void setEncryptionKey(byte[] encryptionKey)
Sets the current encryption key data.- Parameters:
encryptionKey
- The encryption key data to set.
-
computeVersionNumber
protected int computeVersionNumber()
Computes the version number of theSecurityHandler
based on the encryption key length. See PDF Spec 1.6 p 93 and PDF 1.7 Supplement ExtensionLevel: 3 and PDF Spec 2.0.- Returns:
- The computed version number.
-
-